Merge pull request #184 from deploymenttheory/dev

Refactor of authentication manager

Author: ShocOne

authenticationhandler/auth_token_management.go

@@ -1,4 +1,4 @@
-// authenticationhandler/auth_handler.go
+// authenticationhandler/authenticationhandler.go
 
 package authenticationhandler
 

authenticationhandler/auth_handler.go renamed to authenticationhandler/authenticationhandler.go

@@ -1,4 +1,4 @@
-// authenticationhandler/auth_bearer_token.go
+// authenticationhandler/basicauthentication.go
 /* The http_client_auth package focuses on authentication mechanisms for an HTTP client.
 It provides structures and methods for handling both basic and bearer token based authentication */
 
@@ -14,8 +14,8 @@ import (
 	"go.uber.org/zap"
 )
 
-// ObtainToken fetches and sets an authentication token using the stored basic authentication credentials.
-func (h *AuthTokenHandler) ObtainToken(apiHandler apihandler.APIHandler, httpClient *http.Client, username string, password string) error {
+// BasicAuthTokenAcquisition fetches and sets an authentication token using the stored basic authentication credentials.
+func (h *AuthTokenHandler) BasicAuthTokenAcquisition(apiHandler apihandler.APIHandler, httpClient *http.Client, username string, password string) error {
 
 	// Use the APIHandler's method to get the bearer token endpoint
 	bearerTokenEndpoint := apiHandler.GetBearerTokenEndpoint()
@@ -60,8 +60,8 @@ func (h *AuthTokenHandler) ObtainToken(apiHandler apihandler.APIHandler, httpCli
 	return nil
 }
 
-// RefreshToken refreshes the current authentication token.
-func (h *AuthTokenHandler) RefreshToken(apiHandler apihandler.APIHandler, httpClient *http.Client) error {
+// RefreshBearerToken refreshes the current authentication token.
+func (h *AuthTokenHandler) RefreshBearerToken(apiHandler apihandler.APIHandler, httpClient *http.Client) error {
 	h.tokenLock.Lock()
 	defer h.tokenLock.Unlock()
 

authenticationhandler/auth_bearer_token.go renamed to authenticationhandler/basicauthentication.go

@@ -1,8 +1,7 @@
-// authenticationhandler/auth_oauth.go
+// authenticationhandler/oauth2.go
 
 /* The http_client_auth package focuses on authentication mechanisms for an HTTP client.
-It provides structures and methods for handling OAuth-based authentication
-*/
+It provides structures and methods for handling OAuth-based authentication */
 
 package authenticationhandler
 
@@ -30,9 +29,9 @@ type OAuthResponse struct {
 	Error        string `json:"error,omitempty"`         // Error contains details if an error occurs during the token acquisition process.
 }
 
-// ObtainOAuthToken fetches an OAuth access token using the provided client ID and client secret.
+// OAuth2TokenAcquisition fetches an OAuth access token using the provided client ID and client secret.
 // It updates the AuthTokenHandler's Token and Expires fields with the obtained values.
-func (h *AuthTokenHandler) ObtainOAuthToken(apiHandler apihandler.APIHandler, httpClient *http.Client, clientID, clientSecret string) error {
+func (h *AuthTokenHandler) OAuth2TokenAcquisition(apiHandler apihandler.APIHandler, httpClient *http.Client, clientID, clientSecret string) error {
 	// Get the OAuth token endpoint from the APIHandler
 	oauthTokenEndpoint := apiHandler.GetOAuthTokenEndpoint()
 

authenticationhandler/auth_oauth.go renamed to authenticationhandler/oauth2.go

@@ -0,0 +1,82 @@
+// authenticationhandler/tokenmanager.go
+package authenticationhandler
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/deploymenttheory/go-api-http-client/apiintegrations/apihandler"
+	"go.uber.org/zap"
+)
+
+// CheckAndRefreshAuthToken checks the token's validity and refreshes it if necessary.
+// It returns true if the token is valid post any required operations and false with an error otherwise.
+func (h *AuthTokenHandler) CheckAndRefreshAuthToken(apiHandler apihandler.APIHandler, httpClient *http.Client, clientCredentials ClientCredentials, tokenRefreshBufferPeriod time.Duration) (bool, error) {
+	if !h.isTokenValid(tokenRefreshBufferPeriod) {
+		h.Logger.Debug("Token found to be invalid or close to expiry, handling token acquisition or refresh.")
+		if err := h.obtainNewToken(apiHandler, httpClient, clientCredentials); err != nil {
+			h.Logger.Error("Failed to obtain new token", zap.Error(err))
+			return false, err
+		}
+	}
+
+	if err := h.refreshTokenIfNeeded(apiHandler, httpClient, clientCredentials, tokenRefreshBufferPeriod); err != nil {
+		h.Logger.Error("Failed to refresh token", zap.Error(err))
+		return false, err
+	}
+
+	isValid := h.isTokenValid(tokenRefreshBufferPeriod)
+	h.Logger.Info("Token validation status post check", zap.Bool("IsValid", isValid))
+	return isValid, nil
+}
+
+// isTokenValid checks if the current token is non-empty and not about to expire.
+// It considers a token valid if it exists and the time until its expiration is greater than the provided buffer period.
+func (h *AuthTokenHandler) isTokenValid(tokenRefreshBufferPeriod time.Duration) bool {
+	isValid := h.Token != "" && time.Until(h.Expires) >= tokenRefreshBufferPeriod
+	h.Logger.Debug("Checking token validity", zap.Bool("IsValid", isValid), zap.Duration("TimeUntilExpiry", time.Until(h.Expires)))
+	return isValid
+}
+
+// obtainNewToken acquires a new token using the credentials provided.
+// It handles different authentication methods based on the AuthMethod setting.
+func (h *AuthTokenHandler) obtainNewToken(apiHandler apihandler.APIHandler, httpClient *http.Client, clientCredentials ClientCredentials) error {
+	var err error
+	if h.AuthMethod == "basicauth" {
+		err = h.BasicAuthTokenAcquisition(apiHandler, httpClient, clientCredentials.Username, clientCredentials.Password)
+	} else if h.AuthMethod == "oauth2" {
+		err = h.OAuth2TokenAcquisition(apiHandler, httpClient, clientCredentials.ClientID, clientCredentials.ClientSecret)
+	} else {
+		err = fmt.Errorf("no valid credentials provided. Unable to obtain a token")
+		h.Logger.Error("Authentication method not supported", zap.String("AuthMethod", h.AuthMethod))
+	}
+
+	if err != nil {
+		h.Logger.Error("Failed to obtain new token", zap.Error(err))
+	}
+	return err
+}
+
+// refreshTokenIfNeeded refreshes the token if it's close to expiration.
+// This function decides on the method based on the credentials type available.
+func (h *AuthTokenHandler) refreshTokenIfNeeded(apiHandler apihandler.APIHandler, httpClient *http.Client, clientCredentials ClientCredentials, tokenRefreshBufferPeriod time.Duration) error {
+	if time.Until(h.Expires) < tokenRefreshBufferPeriod {
+		h.Logger.Info("Token is close to expiry and will be refreshed", zap.Duration("TimeUntilExpiry", time.Until(h.Expires)))
+		var err error
+		if clientCredentials.Username != "" && clientCredentials.Password != "" {
+			err = h.RefreshBearerToken(apiHandler, httpClient)
+		} else if clientCredentials.ClientID != "" && clientCredentials.ClientSecret != "" {
+			err = h.OAuth2TokenAcquisition(apiHandler, httpClient, clientCredentials.ClientID, clientCredentials.ClientSecret)
+		} else {
+			err = fmt.Errorf("unknown auth method")
+			h.Logger.Error("Failed to determine authentication method for token refresh", zap.String("AuthMethod", h.AuthMethod))
+		}
+
+		if err != nil {
+			h.Logger.Error("Failed to refresh token", zap.Error(err))
+			return err
+		}
+	}
+	return nil
+}

authenticationhandler/tokenmanager.go

@@ -1,4 +1,4 @@
-// authenticationhandler/auth_validation.go
+// authenticationhandler/validation.go
 
 package authenticationhandler
 

authenticationhandler/auth_validation.go renamed to authenticationhandler/validation.go

@@ -197,8 +197,20 @@ func (ch *ConcurrencyHandler) MonitorServerResponseCodes(resp *http.Response) in
 var responseTimes []time.Duration
 var responseTimesLock sync.Mutex
 
-// MonitorResponseTimeVariability monitors the response time variability and suggests a concurrency adjustment.
-// MonitorResponseTimeVariability monitors the response time variability and suggests a concurrency adjustment.
+// MonitorResponseTimeVariability assesses the response time variability from a series of HTTP requests and decides whether to adjust the concurrency level of outgoing requests. This function is integral to maintaining optimal system performance under varying load conditions.
+//
+// The function first appends the latest response time to a sliding window of the last 10 response times to maintain a recent history. It then calculates the standard deviation and the average of these times. The standard deviation helps determine the variability or consistency of response times, while the average gives a central tendency.
+//
+// Based on these calculated metrics, the function employs a multi-factor decision mechanism:
+// - If the standard deviation exceeds a pre-defined threshold and the average response time is greater than an acceptable maximum, a debounce counter is incremented. This counter must reach a predefined threshold (debounceScaleDownThreshold) before a decision to decrease concurrency is made, ensuring that only sustained negative trends lead to a scale down.
+// - If the standard deviation is below or equal to the threshold, suggesting stable response times, and the system is currently operating below its concurrency capacity, it may suggest an increase in concurrency to improve throughput.
+//
+// This approach aims to prevent transient spikes in response times from causing undue scaling actions, thus stabilizing the overall performance and responsiveness of the system.
+//
+// Returns:
+// - (-1) to suggest a decrease in concurrency,
+// - (1) to suggest an increase in concurrency,
+// - (0) to indicate no change needed.
 func (ch *ConcurrencyHandler) MonitorResponseTimeVariability(responseTime time.Duration) int {
 	ch.Metrics.ResponseTimeVariability.Lock.Lock()
 	defer ch.Metrics.ResponseTimeVariability.Lock.Unlock()
@@ -229,7 +241,30 @@ func (ch *ConcurrencyHandler) MonitorResponseTimeVariability(responseTime time.D
 	return 0 // Default to no change
 }
 
-// calculateAverage computes the average response time from a slice of response times.
+// calculateAverage computes the average response time from a slice of time.Duration values.
+// The average, or mean, is a measure of the central tendency of a set of values, providing a simple
+// summary of the 'typical' value in a set. In the context of response times, the average gives a
+// straightforward indication of the overall system response performance over a given set of requests.
+//
+// The function performs the following steps to calculate the average response time:
+// 1. Sum all the response times in the input slice.
+// 2. Divide the total sum by the number of response times to find the mean value.
+//
+// This method of averaging is vital for assessing the overall health and efficiency of the system under load.
+// Monitoring average response times can help in identifying trends in system performance, guiding capacity planning,
+// and optimizing resource allocation.
+//
+// Parameters:
+// - times: A slice of time.Duration values, each representing the response time for a single request.
+//
+// Returns:
+//   - time.Duration: The average response time across all provided times. This is a time.Duration value that
+//     can be directly compared to other durations or used to set thresholds for alerts or further analysis.
+//
+// Example Usage:
+// This function is typically used in performance analysis where the average response time is monitored over
+// specific intervals to ensure service level agreements (SLAs) are met or to trigger scaling actions when
+// average response times exceed acceptable levels.
 func calculateAverage(times []time.Duration) time.Duration {
 	var total time.Duration
 	for _, t := range times {
@@ -238,7 +273,28 @@ func calculateAverage(times []time.Duration) time.Duration {
 	return total / time.Duration(len(times))
 }
 
-// calculateStdDev computes the standard deviation of response times.
+// calculateStdDev computes the standard deviation of response times from a slice of time.Duration values.
+// Standard deviation is a measure of the amount of variation or dispersion in a set of values. A low standard
+// deviation indicates that the values tend to be close to the mean (average) of the set, while a high standard
+// deviation indicates that the values are spread out over a wider range.
+//
+// The function performs the following steps to calculate the standard deviation:
+// 1. Calculate the mean (average) response time of the input slice.
+// 2. Sum the squared differences from the mean for each response time. This measures the total variance from the mean.
+// 3. Divide the total variance by the number of response times to get the average variance.
+// 4. Take the square root of the average variance to obtain the standard deviation.
+//
+// This statistical approach is crucial for identifying how consistently the system responds under different loads
+// and can be instrumental in diagnosing performance fluctuations in real-time systems.
+//
+// Parameters:
+// - times: A slice of time.Duration values representing response times.
+//
+// Returns:
+// - float64: The calculated standard deviation of the response times, which represents the variability in response times.
+//
+// This function is typically used in performance monitoring to adjust system concurrency based on the stability
+// of response times, as part of a larger strategy to optimize application responsiveness and reliability.
 func calculateStdDev(times []time.Duration) float64 {
 	var sum time.Duration
 	for _, t := range times {

authenticationhandler/auth_validation_test.go renamed to authenticationhandler/validation_test.go

@@ -31,7 +31,7 @@ func DetermineAuthMethod(authConfig AuthConfig) (string, error) {
 		validClientSecret, clientSecretErrMsg = authenticationhandler.IsValidClientSecret(authConfig.ClientSecret)
 		// If both ClientID and ClientSecret are valid, use OAuth
 		if validClientID && validClientSecret {
-			return "oauth", nil
+			return "oauth2", nil
 		}
 	}
 
@@ -41,7 +41,7 @@ func DetermineAuthMethod(authConfig AuthConfig) (string, error) {
 		validPassword, passwordErrMsg = authenticationhandler.IsValidPassword(authConfig.Password)
 		// If both Username and Password are valid, use Bearer
 		if validUsername && validPassword {
-			return "bearer", nil
+			return "basicauth", nil
 		}
 	}
 

concurrency/metrics.go

@@ -48,7 +48,7 @@ func (c *Client) DoMultipartRequest(method, endpoint string, fields map[string]s
 		ClientSecret: c.clientConfig.Auth.ClientSecret,
 	}
 
-	valid, err := c.AuthTokenHandler.ValidAuthTokenCheck(c.APIHandler, c.httpClient, clientCredentials, c.clientConfig.ClientOptions.TokenRefreshBufferPeriod)
+	valid, err := c.AuthTokenHandler.CheckAndRefreshAuthToken(c.APIHandler, c.httpClient, clientCredentials, c.clientConfig.ClientOptions.TokenRefreshBufferPeriod)
 	if err != nil || !valid {
 		return nil, err
 	}

httpclient/auth_method.go

@@ -123,7 +123,7 @@ func (c *Client) executeRequestWithRetries(method, endpoint string, body, out in
 		ClientSecret: c.clientConfig.Auth.ClientSecret,
 	}
 
-	valid, err := c.AuthTokenHandler.ValidAuthTokenCheck(c.APIHandler, c.httpClient, clientCredentials, c.clientConfig.ClientOptions.TokenRefreshBufferPeriod)
+	valid, err := c.AuthTokenHandler.CheckAndRefreshAuthToken(c.APIHandler, c.httpClient, clientCredentials, c.clientConfig.ClientOptions.TokenRefreshBufferPeriod)
 	if err != nil || !valid {
 		return nil, err
 	}
@@ -286,7 +286,7 @@ func (c *Client) executeRequest(method, endpoint string, body, out interface{})
 		ClientSecret: c.clientConfig.Auth.ClientSecret,
 	}
 
-	valid, err := c.AuthTokenHandler.ValidAuthTokenCheck(c.APIHandler, c.httpClient, clientCredentials, c.clientConfig.ClientOptions.TokenRefreshBufferPeriod)
+	valid, err := c.AuthTokenHandler.CheckAndRefreshAuthToken(c.APIHandler, c.httpClient, clientCredentials, c.clientConfig.ClientOptions.TokenRefreshBufferPeriod)
 	if err != nil || !valid {
 		return nil, err
 	}